Age | Commit message (Collapse) | Author |
|
For both options the values can just be passed to the kernel. All
unsigned values are accepted, thus no range checking required.
Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
|
|
adds the folloing missing options:
- learning
- rsc
- proxy
- l2miss
- l3miss
- gbp
See ip-link(3) for their meaning.
still missing:
- external
- gpe
I'm not sure how to handle them at the moment. It's unclear to me what
IFLA_VXLAN_* value corresponds to the 'external' option and according to
the manpage, gpe depends on it.
Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
|
|
This adds adds the ability to set the source port range for vxlan
interfaces.
By default vxlans will use a random port within the ephermal range as
source ports for packets. This is done to aid scaleability within a
datacenter.
But with these defaults it's impossible to punch through NATs or
traverese most stateful firewalls easily. One solution is to fix the
srcport to the same as dstport.
If only srcportmin is specified, then srcportmax is set in a way that
outgoing packets will only use srcportmin.
If a range is to be specified, srcportmin and srcportmax have to be
specified. srcportmax is exclusive.
If only srcportmax is specified, the value is ignored and defaults are
used.
Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
|
|
Add a rtnl helper for adding vlans to a bridge interface.
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
If we want a bridge to be vlan aware we need to be able to turn on
filtering.
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
It allows setting mappings for instance this way:
"""
config device
option name 'vlan41'
option type '8021q'
option vid '41'
option ifname 'eth1'
list ingress_qos_mapping '1:2'
list ingress_qos_mapping '2:5'
list egress_qos_mapping '0:3'
"""
Signed-off-by: Pau Espin Pedrol <pespin.shar@gmail.com>
Tested-by: Pedro <pedrowrt@cas.cat>
|
|
Use struct device pointer as parameter instead of bare ifname allows
for some simplication and again removing system_ifname_resolve()
function introduced in commit d93126d.
Fixes: d93126d ("interface: allow renaming interface when moving to jail netns")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
|
Introduce jail_ifname option to define the name of a Linux network
interface when moved into a jail's network namespace.
This is useful for containers which expect the network interface to
have a specific name (eg. 'host0' in case of systemd).
While at it, clean-up and fix bugs in jail interface up/down routines.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
|
Prepare netifd for handling procd service jails having their own
network namespace.
Intefaces having the jail attribute will only be brought inside the
jail's network namespace by procd calling the newly introduced ubus
method 'netns_updown'.
Currently proto 'static' is supported and configuration changes are
not yet being handled (ie. you'll have to restart the jailed service
for changes to take effect).
Example /etc/config/network snippet:
config device 'veth0'
option type 'veth'
option name 'vhost0'
option peer_name 'virt0'
config interface 'virt'
option type 'bridge'
list ifname 'vhost0'
option proto 'static'
option ipaddr '10.0.0.1'
option netmask '255.255.255.0'
config interface 'virt0'
option ifname 'virt0'
option proto 'static'
option ipaddr '10.0.0.2'
option netmask '255.255.255.0'
option gateway '10.0.0.1'
option dns '10.0.0.1'
option jail 'transmission'
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
|
This adds support for xfrm interfaces. These interfaces can be used since
linux 4.19 for IPsec traffic, like VTI interface.
XFRM interfaces are less complicated compared to VTI because they need no IP
tunnel endpoints.
|
|
The neighbor or neighbor6 network section makes neighbours
configurable via UCI or proto shell handlers. It allows to
install neighbor proxy entries or static neighbor entries
The neighbor or neighbor6 section has the following types:
interface : declares the logical OpenWrt interface
ipaddr : the ip address of the neighbor
mac : the mac address of the neighbor
proxy : specifies whether the neighbor ia a proxy
entry (can be 1 or 0)
router : specifies whether the neighbor is a router
(can be 1 or 0)
Signed-off-by: Alexander Meuris <meurisalexander@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Similar as for ip6 tunnels ignore encaplimit by default as not all ISPs
support the destination option header containing the tunnel encapsulation
limit resulting into broken connectivity
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Make encapsulation limit of IP6 tunnels configurable for the ds-lite/map
proto shell handlers as not all ISPs support the destination option header
containing the tunnel encapsulation limit value as reported in FS#1501.
The IP6 tunnel specific setting encaplimit is parsed as a nested json
data object; setting it to ignore disables the insertion of the
destination option header while a value from 0 till 255 sets the
tunnel encapsulation limit accordingly in the destination option header.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
|
|
Parse map-e fmrs parameters IPv6 prefix, IPv4 prefix, ealen and offset
as array elements nested in a data json object.
At the same time remove the now obsolete TUNNEL_ATTR_FMRS tunnel attribute.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Commit 7573880ac042c6e5c8d48b1ad83d357b5e02743b added support for 6rd
attributes as a nested json data object which makes the attributes
TUNNEL_ATTR_6RD_PREFIX and TUNNEL_ATTR_6RD_RELAY_PREFIX unused
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
cppcheck found printf functions with signed instead of unsigned
formats. Fix those as well as some non-matching function
declarations.
Signed-off by: Rosen Penev <rosenp@gmail.com>
|
|
Parse 6rd specific settings prefix, relay-prefix as nested json data objects.
At the same time improve 6rd error handling.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Parse vti specific settings ikey and okey as nested json data object.
At the same time remove the now obsolete TUNNEL_ATTR_INFO attribute.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Parse gre specific settings ikey, okey, icsum, ocsum, iseqno and oseqno
as nested json data object
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
VXLAN shares many attributes with the tunnel devices, so it is implemented
as a new tunnel type. The 'remote' attribute can be used for an unicast
peer or a multicast group.
The IANA-assigned port 4789 is used by default, instead of the non-standard
port Linux defaults to.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
The veth config code mostly handles the primary interface of a veth pair,
the secondary interface is not explicitly referenced and will be found as
an unrelated interface after the pair has been created.
This doesn't only allow us to keep the veth code simple (and similar to
existing device handlers), but will also avoid complicating handling
unnecessarily in case the secondary interface is moved into another network
namespace.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
|
|
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Route proto support is usefull when using route distribution
via a routing daemon.
The route proto parameter can be specified via the route proto
uci config parameter, it can hold a numerical value or the string
values unspec, kernel, boot, static or a string present in
/etc/iproute2/rt_protos.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
RFCs suggest some parameters of IGMP and MLD to be configurable by
the administrator. With this patch the following parameters are
configurable:
* robustness (default: 2)
* query_interval (default: 12500 [125s])
* query_response_interval (default: 1000 [10s])
* last_member_interval (default: 100 [1s])
Depending on the size and nature of the network topology administrators
might want to increase or decrease these parameters.
netifd will take care of configuring any other parameters which are
dependant on the ones above and set them according to the formulas
provided in the RFCs. These parameters of the bridge are
membership_interval, querier_interval, startup_query_interval,
startup_query_count and last_member_count.
RFCs allow setting three more parameters to be configurable:
startup_query_interval, startup_query_count and last_member_count.
However this patch does not export them, as they can be indirectly
tuned via the given, exported four parameters, too.
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
|
|
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
output
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
If the number of entries in the MDB exceeds hash_max then the
multicast snooping capabilities of the bridge are disabled
automatically.
The default value for hash_max is 512 which is already exceeded by some
wireless community mesh networks. They need to be able to set a higher
value.
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
|
|
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
|
IGMP snooping
In larger networks, especially big batman-adv meshes, it may be desirable to
enable IGMP snooping on every bridge without enabling the multicast querier
to specifically put the querier on a well-connected node.
This patch adds a new UCI option 'multicast_querier' for bridges which allows
this. The default is still the value of the 'igmp_snooping' option to maintain
backwards compatiblity.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
|
|
Config support to set the MLD host version on device level; possible values are :
1 : MLDv1
2 : MLDv2
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Cleaned up and simplified.
Signed-off-by: Steven Barth <steven@midlink.org>
|
|
Config support to set the IGMP host version on device level; possible values are :
1 : IGMPv1
2 : IGMPv2
3 : IGMPv3
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Cleand up and simplified
Signed-off-by: Steven Barth <steven@midlink.org>
|
|
Reverse path filtering config support; possible values are:
0: no source validation
1|strict: strict mode as packet will be dropped if the
incoming interface is not the best reverse path
2|loose: loose mode as packet will be dropped if the
source address is not reachable via any interface
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
When a device with the same name is deleted and created again in the kernel
the ifindex changes.
A race condition will occur when netlink event messages linked to the old device
are processed and will thus overwrite the correct ifindex of the new device.
Further make sure a valid ifindex is in place for both external and internal
devices when setting the state to enabled.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Tos support is added as a generic gre parameter which can have the following values :
-inherit (outer header inherits the tos value of the inner header)
-hex value
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Adds support for gre, gretap, grev6 and grev6tap tunnels
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Do not treat RT_TABLE_MAIN as RT_TABLE_UNSPEC in system_resolve_rt_table() in
order to allow ip rules with lookup main to work as expected.
Provide a new function system_is_default_rt_table() to allow calling code to
specifically test for RT_TABLE_MAIN, this is going to be needed for the
backwards compatible handling of the table attribute in route objects.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Patch adds route type support in netifd by means of the route parameter type.
By default the route type was unicast; the parameter adss support for local/broadcast/multicast/unicast routes which will be put into the appropriate routing table.
If route type parameter is unset the route type will be unicast as before.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
At moment netifd supports just 802.1q vlan, you can configure them using a concise but "hacky"
syntax using an interface config section, with this patch netifd acquire the capability
of configuring 802.1ad and 802.1q vlan using config device sections, so you can define a vlan device
plus interface with something like this:
config device 'test'
option type '8021ad'
option name 'test'
option ifname 'eth0'
option vid '1000'
config interface 'testif'
option ifname 'test'
option proto 'none'
option auto '1'
old syntax for 802.1q keeps working so no retrocompatibility problems,
to keep retrocompatibility means also that user must not use name/ifname like eth0.2
for devices declared with the new style because this would trigger the "old style"
when interface config section is parsed
Signed-off-by: Gioacchino Mazzurco <gmazzurco89@gmail.com>
|
|
Signed-off-by: Steven Barth <steven@midlink.org>
|
|
Reapply bridge mtu setting as adding a bridge member will override the bridge mtu in the kernel
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Make tunnel don't fragment bit configurable via UCI
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Tunnel MTU is applied according to the tunnel MTU UCI parameter
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Signed-off-by: Luka Perkov <luka@openwrt.org>
|
|
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
Signed-off-by: Steven Barth <steven@midlink.org>
|
|
|
|
[netifd] add bridge priority option
Using the bridge priority (lower numbers are higher in the
hierarchy), one can ensure that the router is chosen as root
bridge in a setup with spanning tree protocol.
For instance, one can set the priority of network lan to 32767,
causing the router to win over all directly and indirectly
connected nodes that have a default priority of 32768.
The reason for doing that is that otherwise it has a default
priority 32768 as well and any other connected node could win and
get root bridge. In a home setup, those nodes are often desktop
or laptop boxes and get switched off from time to time. As a
consequence, root bridges vanish or new root bridges get chosen
relatively often, resulting in frequent topology changes to the
STP network. While the new topology has not settled, packets can
get lost, causing noticeable interruptions of network traffic.
Setting the router's bridge on a lower numbered priority (and thus
higher in the selection hierarchy) solves the problem in the vast
majority of the cases by ensuring that the device that is most
likely powered on 24/7 gets chosen as root and prevents topology
changes.
Signed-off-by: Niels Boehm <blubberdiblub@gmail.com>
|
|
|